Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method, comprising: determining that a policy associated with a virtual machine (VM) does not require scanning of the VM prior to launching; causing a scanning VM to perform the scan on packets generated by the VM, wherein the scanning VM and the VM are hosted within a multi-tenant environment; evaluating a result of the scan against the policy; determining that the result of the scan complies with at least one scan requirement of the policy; and enabling modifications to security of the VM for communicating subsequent packets from the VM to one or more resources in the multi-tenant environment.
2. The computer-implemented method of claim 1 , further comprising: receiving individual ones of the packets at the scanning VM; analyzing the individual ones of the packets using one or more tasks defined in the scanning VM; and providing the result of the scan.
3. The computer-implemented method of claim 1 , further comprising: receiving information for the policy from at least one of a provider of the multi-tenant environment, an administrator of the one or more resources, or a source of a request to launch the VM; and storing the policy for use in processing subsequently-received launch requests.
4. The computer-implemented method of claim 3 , further comprising: providing an application programming interface (API) enabling the policy to be specified for the subsequently-received launch requests, the API associated with the one or more resources.
5. A system, comprising: at least one device processor; and memory including instructions that, when executed by the at least one device processor, cause the system to: determine that a policy associated with a virtual machine (VM) does not require scanning of the VM prior to launching; cause a scanning VM to perform the scan on packets generated by the VM, wherein the scanning VM and the VM are hosted within a multi-tenant environment; evaluate a result of the scan against the policy; determine that the result of the scan complies with at least one scan requirement of the policy; and enable modifications to security of the VM for communicating subsequent packets from the VM to one or more resources in the multi-tenant environment.
6. The system of claim 5 , wherein the instruction when executed further cause the system to: receive individual ones of the packets at the scanning VM; analyze the individual ones of the packets using one or more tasks defined in the scanning VM; and provide the result of the scan.
7. The system of claim 5 , wherein the VM is a first instance of the VM in a sub-network of the resource environment.
8. The system of claim 7 , wherein the instructions when executed further cause the system to: terminate the first instance; and launch a second instance of the VM in the resource environment.
9. The system of claim 5 , wherein the VM includes at least one of a host server, a sub-network, a virtual private cloud, or a customer network.
10. The system of claim 5 , wherein the instruction when executed further cause the system to: determine whether a request associated with the VM includes a security credential before determining that the VM does not require the scanning of the VM prior to the launching, the security credential indicating that the scanning had been performed previously for the VM and would not need to be performed for the request.
11. The system of claim 5 , wherein the instruction when executed further cause the system to: determine that the result satisfies the at least one connection criteria defined in the policy.
12. The system of claim 5 , wherein the instruction when executed further cause the system to: determine, from an electronic marketplace, a service offering the scanning, wherein information for the scanning and the VM are available to the service.
13. The system of claim 5 , wherein the scanning includes at least one of security vulnerability scan, a virus scan, a malware scan, a data loss prevention scan, an interoperability scan, an integration capability scan, an available functionality scan, or a performance scan.
14. The system of claim 5 , wherein the scanning is performed by a hypervisor within a host machine that hosts the VM.
15. The system of claim 5 , wherein existing infrastructure in the multi-tenant environment is configured to provide one or more execution services for the VM.
16. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computer system, cause the computer system to: determine that a policy associated with a virtual machine (VM) does not require scanning of the VM prior to launching; cause a scanning VM to perform the scan on packets generated by the VM, wherein the scanning VM and the VM are hosted within a multi-tenant environment; evaluate a result of the scan against the policy; determine that the result of the scan complies with at least one scan requirement of the policy; and enable modifications to security of the VM for communicating subsequent packets from the VM to one or more resources in the multi-tenant environment.
17. The non-transitory computer-readable storage medium of claim 16 , wherein the instructions when executed further cause the computer system to: receive individual ones of the packets at the scanning VM; analyze the individual ones of the packets using one or more tasks defined in the scanning VM; and provide the result of the scan.
18. The non-transitory computer-readable storage medium of claim 16 , wherein the instructions when executed further cause the computer system to: determine, from an electronic marketplace, a service offering the scanning, wherein information for the scanning and the VM are available to the service.
19. The non-transitory computer-readable storage medium of claim 16 , wherein the instructions when executed further cause the computer system to: determine that the result satisfies the at least one connection criteria defined in the policy.
20. The non-transitory computer-readable storage medium of claim 16 , wherein the instructions when executed further cause the computer system to: determine whether a request associated with the VM includes a security credential before determining that the VM does not require the scanning of the VM prior to the launching, the security credential indicating that the scanning had been performed previously for the VM and would not need to be performed for the request.
Unknown
January 21, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.